Attachment 246097 Details for Bug 274900 – Patch for vorbis-tools

[patch] Patch for vorbis-tools

vorbis-tools-CVE-2023-43361.patch (text/plain), 1.52 KB, created by Daniel Engberg on 2023-11-04 08:46:04 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Daniel Engberg

Created: 2023-11-04 08:46:04 UTC

Size: 1.52 KB

patch

obsolete

>diff --git a/audio/vorbis-tools/Makefile b/audio/vorbis-tools/Makefile
>index c5edc2790cf1..481cb71d95bb 100644
>--- a/audio/vorbis-tools/Makefile
>+++ b/audio/vorbis-tools/Makefile
>@@ -1,6 +1,6 @@
> PORTNAME=	vorbis-tools
>-PORTVERSION=	1.4.2
>-PORTREVISION=	3
>+DISTVERSION=	1.4.2
>+PORTREVISION=	4
> PORTEPOCH=	3
> CATEGORIES=	audio
> MASTER_SITES=	https://downloads.xiph.org/releases/vorbis/
>diff --git a/audio/vorbis-tools/files/patch-CVE-2023-43361 b/audio/vorbis-tools/files/patch-CVE-2023-43361
>new file mode 100644
>index 000000000000..bd6fe963410b
>--- /dev/null
>+++ b/audio/vorbis-tools/files/patch-CVE-2023-43361
>@@ -0,0 +1,30 @@
>+diff --git a/oggenc/platform.c b/oggenc/platform.c
>+index 6d9f4ef..b66e47a 100644
>+--- oggenc/platform.c
>++++ oggenc/platform.c
>+@@ -136,18 +136,22 @@ int create_directories(char *fn, int isutf8)
>+ {
>+     char *end, *start;
>+     struct stat statbuf;
>+-    char *segment = malloc(strlen(fn)+1);
>++    const size_t fn_len = strlen(fn);
>++    char *segment = malloc(fn_len+1);
>+ #ifdef _WIN32
>+     wchar_t seg[MAX_PATH+1];
>+ #endif
>+ 
>+     start = fn;
>+ #ifdef _WIN32
>+-    if(strlen(fn) >= 3 && isalpha(fn[0]) && fn[1]==':')
>++    // Strip drive prefix
>++    if(fn_len >= 3 && isalpha(fn[0]) && fn[1]==':') {
>++ 
>+         start = start+2;
>+ #endif
>+ 
>+-    while((end = strpbrk(start+1, PATH_SEPS)) != NULL)
>++    // Loop through path segments, creating directories if necessary
>++    while((end = strpbrk(start + strspn(start, PATH_SEPS), PATH_SEPS)) != NULL)
>+     {
>+         int rv;
>+         memcpy(segment, fn, end-fn);

Actions: View | Diff

Attachments on bug 274900: 246097